Release 2.2.36.4

diff --git a/NEWS b/NEWS
index 464c74dd30393aa38683fd129ef858fe6890fcbd..67eb47a4b034d4003a817e563f509fb44a6bf4fb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+v2.2.36.4 2019-08-28  Aki Tuomi <aki.tuomi@open-xchange.com>
+
+       * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
+         when scanning data in quoted strings, leading to out of bounds heap
+         memory writes. Found by Nick Roessler and Rafi Rubin.
+
 v2.2.36.3 2019-03-28  Timo Sirainen <tss@iki.fi>
 
        * CVE-2019-7524: Missing input buffer size validation leads into

diff --git a/configure.ac b/configure.ac
index 16283bf284825bea1379eb5459a1c799ad5180fb..4d9f22c00a8ce7d326e1839903ca04d29d6ee276 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.2.36.3],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.2.36.4],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.2.ABIv36($PACKAGE_VERSION)", [Dovecot ABI version])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_SRCDIR([src])